Chore(deps): Bump the ui-app-python-minor-patch group across 1 directory with 5 updates

[dependabot]

Bumps the ui-app-python-minor-patch group with 4 updates in the /backend/compact-connect-ui-app directory: aws-cdk-aws-lambda-python-alpha, cdk-nag, coverage and ruff.

Updates aws-cdk-aws-lambda-python-alpha from 2.250.0a0 to 2.258.0a0

Release notes

Sourced from aws-cdk-aws-lambda-python-alpha's releases.

v2.257.0

⚠ BREAKING CHANGES

• ** L1 resources are automatically generated from public CloudFormation Resource Schemas. They are built to closely reflect the real state of CloudFormation. Sometimes these updates can contain changes that are incompatible with previous types, but more accurately reflect reality. In this release we have changed:

  • aws-neptunegraph: AWS::NeptuneGraph::GraphSnapshot: GraphIdentifier property is now required.

Features

• update L1 CloudFormation resource definitions (#37955) (211b06c)
• core: failSynthOnValidationErrors context key to suppress console output and exit code (#37909) (deb968f), closes aws/aws-cdk-cli#1515

---

Alpha modules (2.257.0-alpha.0)

v2.256.1

Bug Fixes

• invalid lock file (#37943) (73ae91d), closes #37726 #37929 #37870

---

Alpha modules (2.256.1-alpha.0)

v2.256.0

Features

• aws-cdk-lib: emits performance counters if synthesis is slow (#37919) (caa0f4c), closes #37843
• core: validations report is always written to cloud assembly (#37867) (dddc6e0)
• ec2: replace any return types with specific interfaces in IPeer methods (#36637) (626e44d), closes #36636
• s3: support bucketNamePrefix and bucketNamespace properties (#37386) (997b003), closes #37760

Bug Fixes

• core: handle token-wrapped Boxes in property merge strategies (#37902) (18435e3)
• core: prevent stack overflow on large construct trees (#37901) (10163cb), closes #37903

---

Alpha modules (2.256.0-alpha.0)

v2.255.0

Features

• aws-cdk-lib: emits performance counters if synthesis is slow (#37843) (ea33967)
• bedrockagentcore: graduate to stable 🚀 (#37876) (00cf601)
• core: builtin PropertyMergeStrategys are now compatible with deferred Box values (#37844) (ca4b722)
• core: persist asset fingerprinting cache (#37822) (605a776)
• ec2: add C8A instance type support (#36736) (0d088ca), closes #36722

Bug Fixes

• core: cached Lazys use the Box API internally (#37889) (464fa3d)

... (truncated)

Commits

• See full diff in compare view

Updates aws-cdk-lib from 2.250.0 to 2.259.0

Release notes

Sourced from aws-cdk-lib's releases.

v2.259.0

⚠ BREAKING CHANGES

• lambda: Runtime.NODEJS_LATEST now resolves to nodejs24.x in every region. Customers who pin to a concrete runtime (Runtime.NODEJS_22_X, useLatestRuntimeVersion: false in aws-lambda-nodejs.NodejsFunction) are unaffected. Existing AWS::Lambda::Function resources synthesized with NODEJS_LATEST will see Runtime: nodejs22.x → Runtime: nodejs24.x on next deploy. Lambda accepts runtime updates in place.

  Customer-code compatibility — IMPORTANT: Node.js 24 removes support for callback-style asynchronous handlers ((event, context, callback) => {...}) per the launch blog. Customers whose Lambda code still uses callback-based handlers will see runtime errors after the bump. Customers should migrate to async (event, context) => {...} or pin to Runtime.NODEJS_22_X explicitly.

Features

• core: recommend the use of weak references if no choice has been made (#38070) (6e74e5e)
• ecs: add forceNewDeployment option for Fargate and EC2 services (#36797) (3d9c4df), closes #27762
• eks: use the recommended AL2023 instead of AL2 AMI type (under feature flag) (#37850) (6a2dcb7), closes #32211
• lambda: upgrade lambda and custom resource default runtime to nodejs24.x (#38031) (36c84c6)

Bug Fixes

• spec2cdk: sanitize hyphens in EventBridge event namespace names (#38088) (b8f41bf), closes 40aws-cdk/spec2cdk/lib/naming/conventions.ts#L195

Reverts

• "chore(bundling): check if docker image is cached before building" (#38116) (359f2fb), closes aws/aws-cdk#37951

---

Alpha modules (2.259.0-alpha.0)

v2.258.1

Reverts

• "chore(bundling): check if docker image is cached before building" (#38116) (8ec236c), closes aws/aws-cdk#37951

---

Alpha modules (2.258.1-alpha.0)

v2.258.0

⚠ BREAKING CHANGES

• ** L1 resources are automatically generated from public CloudFormation Resource Schemas. They are built to closely reflect the real state of CloudFormation. Sometimes these updates can contain changes that are incompatible with previous types, but more accurately reflect reality. In this release we have changed:

• aws-pcaconnectorad: AWS::PCAConnectorAD::ServicePrincipalName: ConnectorArn property is now required.
• aws-pcaconnectorad: AWS::PCAConnectorAD::ServicePrincipalName: DirectoryRegistrationArn property is now required.
• aws-pcaconnectorad: AWS::PCAConnectorAD::TemplateGroupAccessControlEntry: GroupSecurityIdentifier property is now required.
• aws-pcaconnectorad: AWS::PCAConnectorAD::TemplateGroupAccessControlEntry: TemplateArn property is now required.

Features

• core: trace property assignments in CfnResource.addPropertyOverride (#38072) (a226372)
• update L1 CloudFormation resource definitions (#37993) (664a878)
• aws-cdk-lib: emits performance counters if synthesis is slow (#38004) (cb03794), closes #37919 #37843
• bedrockagentcore: expose default endpoint application log group on Runtime (#37812) (8e25d78), closes #37796

... (truncated)

Changelog

Sourced from aws-cdk-lib's changelog.

Changelog

All notable changes to this project will be documented in this file. See standard-version for commit guidelines.

2.259.0-alpha.0 (2026-06-11)

2.258.1-alpha.0 (2026-06-08)

2.258.0-alpha.0 (2026-06-04)

Features

• integ-tests-alpha: add option to set the provider log level (#38005) (c634a79)

Bug Fixes

• custom-resource-handlers: deterministic asset hashes for generated lambdas (#37634) (6c3d5bc), closes #34307
• glue-alpha: deprecate Ray Jobs (#38055) (3fa428b)
• glue-alpha: restore notifyDelayAfter to PySpark and Scala Spark ETL jobs (#37815) (05be88a), closes #33839
• integ-tests-alpha: assertion failures print too much unnecessary information (#37974) (bc0de1d)
• mediapackagev2-alpha: cdnAuth on OriginEndpoint now generates the required policy (#38013) (1d56b46)

2.257.0-alpha.0 (2026-05-21)

2.256.1-alpha.0 (2026-05-20)

2.256.0-alpha.0 (2026-05-19)

2.255.0-alpha.0 (2026-05-18)

Features

• bedrock-agentcore-alpha: Graduation of the library to stable. The Policy submodule is the only submodule that remains in alpha. All other constructs have graduated to stable in aws-cdk-lib/aws-bedrockagentcore and we recommend migrating to the stable versions (#37876) (00cf601)

2.254.0-alpha.0 (2026-05-13)

Features

• bedrock-agentcore-alpha: add tags support to Evaluator and OnlineEvaluationConfig (#37804) (adbf88f)
• bedrock-agentcore-alpha: add identity L2 constructs (#37610) (67c3af2)
• mediapackagev2-alpha: add OAC integration between CloudFront and MediaPackageV2 (#37701) (654f59c)

Bug Fixes

• bedrock-agentcore-alpha: fix cedar policy bug (#37782) (e678d5c), closes #37828

... (truncated)

Commits

• 5afca52 chore(release): 2.259.0 (#38127)
• 64da93e chore: update changelog
• 772eeba chore: update analytics metadata blueprints
• 2e409c7 chore(release): 2.259.0
• 36c84c6 chore(lambda): upgrade lambda and custom resource default runtime to nodejs24...
• 18ebd9a chore(merge-back): 2.258.1 (#38120)
• 2b571d3 Merge branch 'main' into merge-back/2.258.1
• 5961de2 chore(deps): bump the pip group across 3 directories with 2 updates (#37937)
• acf0971 chore(deps): bump the pip group across 8 directories with 1 update (#37355)
• 0d3611a chore(release): v2.258.1 (#38118)
• Additional commits viewable in compare view

Updates cdk-nag from 2.37.55 to 2.38.2

Release notes

Sourced from cdk-nag's releases.

v2.38.2

2.38.2 (2026-04-27)

Bug Fixes

• prefix using Stage Construct ID to avoid StageName colissions (#2338) (c0d76f6)

v2.38.1

2.38.1 (2026-04-21)

Bug Fixes

• remove unnecessary test for serverSideEncryptionConfiguration to not be undefined (#2227) (9436814), closes #2226

v2.38.0

2.38.0 (2026-04-21)

Features

• add rule MWAAAllLoggingInfo (#2239) (03ad81a), closes #2238

v2.37.56

2.37.56 (2026-04-20)

Bug Fixes

• APIGWStructuredLogging: no stage description for CfnDeployment throws an error (#2268) (ac6dcd3), closes #2267
• Cognito user pool advanced security mode (deprecated) updated to plus tier (#2155) (5a8b71d), closes #2139
• prefix report filename with stage name to prevent collisions (#2302) (54e6425)
• release: use 'release' GitHub environment for publish jobs (#2333) (9b66acd)

Commits

• c0d76f6 fix: prefix using Stage Construct ID to avoid StageName colissions (#2338)
• 0d52df5 chore: add tests for uncovered branches in elasticbeanstalk rules (#2210)
• 4511bc0 chore: add tests for uncovered branches in apigw rules (#2190)
• b684354 chore: add tests for uncovered branches in codebuild rules (#2196)
• e4dc7d9 chore: add tests for uncovered branches in ecs rules (#2206)
• c6f2d4f chore: add tests for uncovered branches in ec2 rules (#2202)
• 07e6258 chore: add tests for uncovered branches in elasticache rules (#2208)
• e5d11b1 chore: add tests for uncovered branches in ecr rules (#2204)
• 8396469 chore: add tests for uncovered branches in cloudwatch rules (#2194)
• 51dd228 chore: add tests for uncovered branches in cognito rules (#2198)
• Additional commits viewable in compare view

Updates coverage from 7.13.5 to 7.14.1

Changelog

Sourced from coverage's changelog.

Version 7.14.1 — 2026-05-26

• Fix: the HTML report used typographic niceties to make file paths more readable by adding a small amount of space around slashes. Those spaces interfered with searching the page for file paths of interest. Now the report uses CSS to accomplish the same visual tweak so that searches with slashes work correctly. Closes issue 2170_.

• Add a 3.16 PyPI classifier <hugo-316_>_ since we test on the 3.16 main branch.

.. _issue 2170: coveragepy/coveragepy#2170 .. _hugo-316: https://mastodon.social/@​hugovk/116588523571204490

.. _changes_7-14-0:

Version 7.14.0 — 2026-05-10

• Feature: now when running one of the reporting commands, if there are parallel data files that need combining, they will be implicitly combined before creating the report. There is no option to avoid the combination; let us know if you have a use case that requires it. Thanks, Tim Hatch <pull 2162_>. Closes issue 1781.

• Fix: the output from combine was too verbose, listing each file considered. Now it shows a single line with the counts of files combined, files skipped, and files with errors. The -q flag suppresses this line. The old detailed lines are available with the new --debug=combine option.

• Fix: running a Python file through a symlink now sets the sys.path correctly, matching regular Python behavior. Fixes issue 2157_.

• Fix: Collector.flush_data could fail with "RuntimeError: Set changed size during iteration" when a tracer in another thread added a line to the per-file set that add_lines (or add_arcs) was iterating. The values passed to CoverageData are now snapshotted via dict.copy() and set.copy(), which are atomic under the GIL. Thanks, Alex Vandiver <pull 2165_>_.

• Fix: the soft keyword lazy is now bolded in HTML reports.

• We are no longer testing eventlet support. Eventlet started issuing stern deprecation warnings that break our tests. Our support code is still there.

.. _issue 1781: coveragepy/coveragepy#1781 .. _issue 2157: coveragepy/coveragepy#2157 .. _pull 2162: coveragepy/coveragepy#2162

... (truncated)

Commits

• 64d9b66 docs: correct the date for 7.14.1
• 6fa7dd4 chore: bump actions/dependency-review-action (#2181)
• 078afae docs: sample HTML for 7.14.1
• cb4f028 docs: prep for 7.14.1
• ae2d09f Merge branch 'nedbat/classifire-316-kits'
• 2c3568b build: declare 3.16 compatibility
• faa68f8 chore: bump github/codeql-action in the action-dependencies group (#2173)
• eb55fee test: we don't need PyPy < 7.3.22 anymore
• ac168fe test: the text summary should show missing
• fed4bd2 chore: upgrade virtualenv
• Additional commits viewable in compare view

Updates ruff from 0.15.10 to 0.15.16

Release notes

Sourced from ruff's releases.

0.15.16

Release Notes

Released on 2026-06-04.

Preview features

• [flake8-async] Implement yield-in-context-manager-in-async-generator (ASYNC119) (#24644)
• [pylint] Narrow diagnostic range and exclude cases without exception handlers (PLW0717) (#25440)
• [ruff] Treat yield before break from a terminal loop as terminal (RUF075) (#25447)

Bug fixes

• [eradicate] Avoid flagging ruff:ignore comments as code (ERA001) (#25537)
• [eradicate] Fix ERA001/RUF100 conflict when noqa is on commented-out code (#25414)
• [pyflakes] Avoid removing the format call when it would change behavior (F523) (#25320)
• [pylint] Avoid syntax errors in invalid character replacements in f-strings before Python 3.12 (PLE2510, PLE2512, PLE2513, PLE2514, PLE2515) (#25544)
• [pyupgrade] Avoid converting format calls with more kinds of side effects (UP032) (#25484)

Rule changes

• [flake8-pytest-style] Avoid fixes for ambiguous argnames and argvalues combinations (PT006) (#24776)

Performance

• Drop excess capacity from statement suites during parsing (#25368)

Documentation

• [pydocstyle] Improve discoverability of rules enabled for each convention (#24973)
• [ruff] Restore example code for Python versions before 3.15 (RUF017) (#25439)
• Fix typo bin/active → bin/activate in tutorial (#25473)

Other changes

• Shrink additional parser AST collections (#25465)

Contributors

• @​Redslayer112
• @​koriyoshi2041
• @​George-Ogden
• @​TejasAmle
• @​anishgirianish
• @​ntBre
• @​MichaReiser
• @​loganrosen
• @​RafaelJohn9
• @​adityasingh2400

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.16

Released on 2026-06-04.

Preview features

• [flake8-async] Implement yield-in-context-manager-in-async-generator (ASYNC119) (#24644)
• [pylint] Narrow diagnostic range and exclude cases without exception handlers (PLW0717) (#25440)
• [ruff] Treat yield before break from a terminal loop as terminal (RUF075) (#25447)

Bug fixes

• [eradicate] Avoid flagging ruff:ignore comments as code (ERA001) (#25537)
• [eradicate] Fix ERA001/RUF100 conflict when noqa is on commented-out code (#25414)
• [pyflakes] Avoid removing the format call when it would change behavior (F523) (#25320)
• [pylint] Avoid syntax errors in invalid character replacements in f-strings before Python 3.12 (PLE2510, PLE2512, PLE2513, PLE2514, PLE2515) (#25544)
• [pyupgrade] Avoid converting format calls with more kinds of side effects (UP032) (#25484)

Rule changes

• [flake8-pytest-style] Avoid fixes for ambiguous argnames and argvalues combinations (PT006) (#24776)

Performance

• Drop excess capacity from statement suites during parsing (#25368)

Documentation

• [pydocstyle] Improve discoverability of rules enabled for each convention (#24973)
• [ruff] Restore example code for Python versions before 3.15 (RUF017) (#25439)
• Fix typo bin/active → bin/activate in tutorial (#25473)

Other changes

• Shrink additional parser AST collections (#25465)

Contributors

• @​Redslayer112
• @​koriyoshi2041
• @​George-Ogden
• @​TejasAmle
• @​anishgirianish
• @​ntBre
• @​MichaReiser
• @​loganrosen
• @​RafaelJohn9
• @​adityasingh2400

0.15.15

... (truncated)

Commits

• 6c498ab Bump 0.15.16 (#25635)
• e51e132 [flake8-async] Implement yield-in-context-manager-in-async-generator (`AS...
• 7c6dcd9 [ty] Add caching for pattern match narrowing (#25613)
• 27058fc [ty] Compact retained definition and expression identities (#25606)
• bf80d05 Fix CODEOWNERS syntax (#25622)
• 10ccd51 Shrink additional parser AST collections (#25465)
• 0d7135f [ty] Upgrade Salsa (#25545)
• 49493a3 [ty] Show type alias value on hover (#25381)
• 85207d3 [ty] sys.implementation.version is not sys.version_info (#25608)
• a8a0614 [ty] Avoid retaining duplicate function signatures (#25609)
• Additional commits viewable in compare view